How to Secure Your Laravel Application

by epmnzava
December 4th, 2021
Nowadays, the tools we use to browse the internet require us to follow security standards. Otherwise, they tend to flag our web applications/sites as insecure.


This can be very stressful.


I myself have been struggling with this situation for some time on every Laravel application I have built.


Below is an overview of the steps that you can take to make sure your Laravel application is always secure (and with HTTPS).




STEP 1


First, you need to purchase an SSL certificate from your desired hosting provider or certificate authority.


After you have purchased your SSL certificate, install it on your server and follow the steps below to make sure your Laravel application always points to HTTPS.

Force HTTPS With Middleware

To force a redirect from an HTTP URL to HTTPS, you can use middleware to handle the redirect. This is a simple solution and doesn't require a change to the server.


You can create the middleware by running:

php artisan make:middleware HttpsMiddleware

This generates a file similar to the one below (or you can just copy and paste this file into app/Http/Middleware/HttpsMiddleware.php).


The middleware checks whether the request is secure. If it is not, and the application is running in the production environment, it redirects the user to the secure (HTTPS) URL.


<?php

namespace App\Http\Middleware;

use Closure;

class HttpsMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // Redirect only in production, so local development over plain HTTP keeps working.
        if (!$request->secure() && app()->environment('production')) {
            // secure() builds an https:// URL for the same path and query string.
            // It defaults to a 302; pass 301 as the second argument for a permanent redirect.
            return redirect()->secure($request->getRequestUri());
        }

        return $next($request);
    }
}


Then, in your HTTP kernel (app/Http/Kernel.php), place the new middleware in the web group, which is applied to every request to your Laravel application.


See below:


protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        // ... keep the other middleware already listed in this group ...
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \App\Http\Middleware\HttpsMiddleware::class,
    ],

    'api' => [
        'throttle:60,1',
    ],
];

Force HTTPS with Nginx

Change Nginx server configuration to the following:


server {
    listen 80;
    listen [::]:80;
    server_name yoursite.com www.yoursite.com; 
    return 301 https://yoursite.com$request_uri;
}


This server block listens on port 80 (HTTP traffic) and redirects all traffic for yoursite.com and www.yoursite.com to the new HTTPS URL, https://yoursite.com/*.


Because the redirect target includes the $request_uri variable, Nginx sends the user to the HTTPS version of the URL they originally requested, path and query string included.

Force HTTPS with .htaccess (Most Common)


You can also force HTTPS in the .htaccess file by redirecting all HTTP requests to HTTPS. It takes just a few lines: they check whether the request is not HTTPS and, if so, redirect it to the HTTPS version of your application.


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
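
All three redirects above depend on the server being able to tell whether the request arrived over TLS; when TLS is terminated at a load balancer or reverse proxy, the application only sees plain HTTP from the proxy and can redirect forever unless it trusts the proxy's X-Forwarded-Proto header. The framework-free PHP sketch below is an added example (not from the original article and not Laravel's own code) that models that decision. The host yoursite.com, the proxy address 10.0.0.5, the function names and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: a simplified model of the "is this request already HTTPS?" decision.
// This is not Laravel's implementation; all names and sample requests are constructed.

const CANONICAL_HOST = 'yoursite.com';  // assumption: same placeholder host as the Nginx block
const TRUSTED_PROXIES = ['10.0.0.5'];   // assumption: address of your TLS-terminating proxy

/** True when the request reached the user-facing edge over TLS. */
function isSecureRequest(array $server): bool
{
    // Only believe X-Forwarded-Proto when the direct peer is a proxy we operate.
    $fromTrustedProxy = in_array($server['REMOTE_ADDR'] ?? '', TRUSTED_PROXIES, true);
    if ($fromTrustedProxy && isset($server['HTTP_X_FORWARDED_PROTO'])) {
        return strtolower($server['HTTP_X_FORWARDED_PROTO']) === 'https';
    }
    // Otherwise fall back to what the web server itself saw on this connection.
    $https = strtolower($server['HTTPS'] ?? '');
    return $https !== '' && $https !== 'off';
}

/** Returns the HTTPS URL to redirect to, or null when no redirect is needed. */
function httpsRedirectTarget(array $server): ?string
{
    if (isSecureRequest($server)) {
        return null;
    }
    // Fixed host, like the Nginx rule; the path and query string are preserved.
    return 'https://' . CANONICAL_HOST . ($server['REQUEST_URI'] ?? '/');
}

// Constructed sample requests (203.0.113.9 is a documentation-range client address).
$samples = [
    'plain HTTP, direct'           => ['REMOTE_ADDR' => '203.0.113.9', 'REQUEST_URI' => '/login?next=%2Fhome'],
    'HTTPS, direct'                => ['REMOTE_ADDR' => '203.0.113.9', 'HTTPS' => 'on', 'REQUEST_URI' => '/login'],
    'HTTPS terminated at proxy'    => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'https', 'REQUEST_URI' => '/login'],
    'HTTP via proxy'               => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'http', 'REQUEST_URI' => '/login'],
    'untrusted client sets header' => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https', 'REQUEST_URI' => '/login'],
];

foreach ($samples as $label => $server) {
    printf("%-30s => %s\n", $label, httpsRedirectTarget($server) ?? 'no redirect');
}
```

In a Laravel application the equivalent of TRUSTED_PROXIES is configured through the framework's TrustProxies middleware, so that $request->secure() reflects the scheme the visitor actually used.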




Before you go… Thanks for reading the article! If you enjoyed it, please don’t forget to show your appreciation by clicking 👏 below! Any questions or comments hit me up on:


Mail: epmnzava@gmail.com

Twitter: https://twitter.com/epmnzava

Github: https://github.com/dbrax


Also published here.
